Vulnerability-Lookup

CVE-2014-8176 (GCVE-0-2014-8176)

Vulnerability from cvelistv5 – Published: 2015-06-12 00:00 – Updated: 2024-08-06 13:10

Summary

The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

URL

Tags

	http://www.debian.org/security/2015/dsa-3287	vendor-advisory
	https://kc.mcafee.com/corporate/index?page=conten…
	http://fortiguard.com/advisory/openssl-vulnerabil…
	https://openssl.org/news/secadv/20150611.txt
	http://rhn.redhat.com/errata/RHSA-2015-1115.html	vendor-advisory
	https://h20566.www2.hpe.com/portal/site/hpsc/publ…
	http://www.securitytracker.com/id/1032564	vdb-entry
	http://tools.cisco.com/security/center/content/Ci…	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	http://www.securityfocus.com/bid/75159	vdb-entry
	http://www.ubuntu.com/usn/USN-2639-1	vendor-advisory
	http://www.fortiguard.com/advisory/openssl-vulner…
	https://github.com/openssl/openssl/commit/470990f…
	https://security.gentoo.org/glsa/201506-02	vendor-advisory
	https://rt.openssl.org/Ticket/Display.html?id=328…
	http://rhn.redhat.com/errata/RHSA-2016-2957.html	vendor-advisory
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisory
	https://bto.bluecoat.com/security-advisory/sa98
	http://ftp.netbsd.org/pub/NetBSD/security/advisor…	vendor-advisory
	https://www.openssl.org/news/secadv_20150611.txt
	https://cert-portal.siemens.com/productcert/pdf/s…

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T13:10:50.919Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3287",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3287"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://openssl.org/news/secadv/20150611.txt"
          },
          {
            "name": "RHSA-2015:1115",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
          },
          {
            "name": "1032564",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032564"
          },
          {
            "name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
          },
          {
            "name": "openSUSE-SU-2015:1277",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "name": "75159",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75159"
          },
          {
            "name": "USN-2639-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2639-1"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7"
          },
          {
            "name": "GLSA-201506-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201506-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://rt.openssl.org/Ticket/Display.html?id=3286\u0026user=guest\u0026pass=guest"
          },
          {
            "name": "RHSA-2016:2957",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "SUSE-SU-2015:1185",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bto.bluecoat.com/security-advisory/sa98"
          },
          {
            "name": "NetBSD-SA2015-008",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv_20150611.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-06-11T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-13T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "DSA-3287",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3287"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
        },
        {
          "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
        },
        {
          "url": "https://openssl.org/news/secadv/20150611.txt"
        },
        {
          "name": "RHSA-2015:1115",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
        },
        {
          "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
        },
        {
          "name": "1032564",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1032564"
        },
        {
          "name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
        },
        {
          "name": "openSUSE-SU-2015:1277",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
        },
        {
          "name": "75159",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/75159"
        },
        {
          "name": "USN-2639-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2639-1"
        },
        {
          "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
        },
        {
          "url": "https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7"
        },
        {
          "name": "GLSA-201506-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/201506-02"
        },
        {
          "url": "https://rt.openssl.org/Ticket/Display.html?id=3286\u0026user=guest\u0026pass=guest"
        },
        {
          "name": "RHSA-2016:2957",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
        },
        {
          "name": "SUSE-SU-2015:1185",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
        },
        {
          "url": "https://bto.bluecoat.com/security-advisory/sa98"
        },
        {
          "name": "NetBSD-SA2015-008",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
        },
        {
          "url": "https://www.openssl.org/news/secadv_20150611.txt"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2014-8176",
    "datePublished": "2015-06-12T00:00:00.000Z",
    "dateReserved": "2014-10-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T13:10:50.919Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GHSA-QWVG-RFMC-974P

Vulnerability from github – Published: 2022-05-14 03:59 – Updated: 2022-05-14 03:59

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-8176"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-06-12T19:59:00Z",
    "severity": "HIGH"
  },
  "details": "The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.",
  "id": "GHSA-qwvg-rfmc-974p",
  "modified": "2022-05-14T03:59:44Z",
  "published": "2022-05-14T03:59:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-8176"
    },
    {
      "type": "WEB",
      "url": "https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7"
    },
    {
      "type": "WEB",
      "url": "https://bto.bluecoat.com/security-advisory/sa98"
    },
    {
      "type": "WEB",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
    },
    {
      "type": "WEB",
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
    },
    {
      "type": "WEB",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
    },
    {
      "type": "WEB",
      "url": "https://openssl.org/news/secadv/20150611.txt"
    },
    {
      "type": "WEB",
      "url": "https://rt.openssl.org/Ticket/Display.html?id=3286\u0026user=guest\u0026pass=guest"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201506-02"
    },
    {
      "type": "WEB",
      "url": "https://www.openssl.org/news/secadv_20150611.txt"
    },
    {
      "type": "WEB",
      "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
    },
    {
      "type": "WEB",
      "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
    },
    {
      "type": "WEB",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
    },
    {
      "type": "WEB",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3287"
    },
    {
      "type": "WEB",
      "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/75159"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032564"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2639-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2021-AVI-669

Vulnerability from certfr_avis - Published: 2021-09-01 - Updated: 2021-09-01

De multiples vulnérabilités ont été découvertes dans les produits Moxa. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Moxa	N/A	micrologiciel des équipements de la gamme WAC-2004 : ces équipements ne sont plus maintenus et ne bénéficieront pas de correctif
Moxa	N/A	micrologiciel des équipements de la gamme OnCell G3470A sans le dernier correctif
Moxa	N/A	micrologiciel des équipements de la gamme WDR-3124A : ces équipements ne sont plus maintenus et ne bénéficieront pas de correctif
Moxa	N/A	micrologiciel des équipements de la gamme WAC-1001 sans le dernier correctif
Moxa	N/A	micrologiciel des équipements de la gamme TAP-323 sans le dernier correctif

References

Title

Publication Time

Tags

Bulletin de sécurité Moxa tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities du 1 septembre 2021	None	vendor-advisory
Bulletin de sécurité Moxa oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities du 1 septembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "micrologiciel des \u00e9quipements de la gamme WAC-2004 : ces \u00e9quipements ne sont plus maintenus et ne b\u00e9n\u00e9ficieront pas de correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme OnCell G3470A sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme WDR-3124A : ces \u00e9quipements ne sont plus maintenus et ne b\u00e9n\u00e9ficieront pas de correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme WAC-1001 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    },
    {
      "description": "micrologiciel des \u00e9quipements de la gamme TAP-323 sans le dernier correctif",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moxa",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2010-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
    },
    {
      "name": "CVE-2012-2136",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2136"
    },
    {
      "name": "CVE-2012-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0207"
    },
    {
      "name": "CVE-2018-6485",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-6485"
    },
    {
      "name": "CVE-2017-7618",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-7618"
    },
    {
      "name": "CVE-2010-4252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4252"
    },
    {
      "name": "CVE-2010-4805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4805"
    },
    {
      "name": "CVE-2015-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
    },
    {
      "name": "CVE-2017-11176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-11176"
    },
    {
      "name": "CVE-2016-4997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-4997"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2006-2940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2940"
    },
    {
      "name": "CVE-2021-39279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39279"
    },
    {
      "name": "CVE-2021-39278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-39278"
    },
    {
      "name": "CVE-2012-6638",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6638"
    },
    {
      "name": "CVE-2014-2523",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-2523"
    },
    {
      "name": "CVE-2016-10229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10229"
    },
    {
      "name": "CVE-2016-7039",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7039"
    },
    {
      "name": "CVE-2014-3567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3567"
    },
    {
      "name": "CVE-2011-0709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-0709"
    },
    {
      "name": "CVE-2010-4251",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4251"
    },
    {
      "name": "CVE-2014-3512",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3512"
    },
    {
      "name": "CVE-2012-3552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-3552"
    },
    {
      "name": "CVE-2012-6701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6701"
    },
    {
      "name": "CVE-2017-1000111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-1000111"
    },
    {
      "name": "CVE-2019-3896",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-3896"
    },
    {
      "name": "CVE-2012-6704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-6704"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2016-8717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8717"
    },
    {
      "name": "CVE-2019-16746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16746"
    },
    {
      "name": "CVE-2016-3134",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-3134"
    },
    {
      "name": "CVE-2008-4609",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4609"
    },
    {
      "name": "CVE-2014-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8176"
    },
    {
      "name": "CVE-2015-5364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5364"
    },
    {
      "name": "CVE-2014-9984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9984"
    },
    {
      "name": "CVE-2009-1298",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-1298"
    },
    {
      "name": "CVE-2015-1465",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1465"
    },
    {
      "name": "CVE-2012-4412",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-4412"
    },
    {
      "name": "CVE-2014-9402",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-9402"
    },
    {
      "name": "CVE-2006-3738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-3738"
    },
    {
      "name": "CVE-2016-8666",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8666"
    },
    {
      "name": "CVE-2010-3864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
    },
    {
      "name": "CVE-2015-0235",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0235"
    },
    {
      "name": "CVE-2016-7117",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7117"
    },
    {
      "name": "CVE-2011-2525",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-2525"
    },
    {
      "name": "CVE-2006-2937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-2937"
    },
    {
      "name": "CVE-2015-7547",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-7547"
    },
    {
      "name": "CVE-2014-5119",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-5119"
    },
    {
      "name": "CVE-2017-8890",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-8890"
    },
    {
      "name": "CVE-2016-7406",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-7406"
    },
    {
      "name": "CVE-2013-7470",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-7470"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2012-0056",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-0056"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2010-2692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-2692"
    },
    {
      "name": "CVE-2016-2148",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2148"
    },
    {
      "name": "CVE-2010-3848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3848"
    },
    {
      "name": "CVE-2010-1162",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-1162"
    }
  ],
  "initial_release_date": "2021-09-01T00:00:00",
  "last_revision_date": "2021-09-01T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-669",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-09-01T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Moxa.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net une atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Moxa",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities du 1 septembre 2021",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/tap-323-wac-1001-2004-wireless-ap-bridge-client-vulnerabilities"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moxa oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities du 1 septembre 2021",
      "url": "https://www.moxa.com/en/support/product-support/security-advisory/oncell-g3470a-wdr-3124a-cellular-gateways-router-vulnerabilities"
    }
  ]
}

CERTFR-2015-AVI-257

Vulnerability from certfr_avis - Published: 2015-06-12 - Updated: 2015-06-12

De multiples vulnérabilités ont été corrigées dans OpenSSL. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
OpenSSL	OpenSSL	OpenSSL 1.0.1
OpenSSL	OpenSSL	OpenSSL 0.9.8r et antérieures
OpenSSL	OpenSSL	OpenSSL 1.0.0
OpenSSL	OpenSSL	OpenSSL 1.0.2
OpenSSL	OpenSSL	OpenSSL 1.0.0d et antérieures

References

Title

Publication Time

Tags

Bulletin de sécurité OpenSSL secadv_20150611 du 11 juin 2015	None	vendor-advisory
Bulletin de sécurité OpenSSL secadv_20150611 du 11 juin 2015	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "OpenSSL 1.0.1",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSSL 0.9.8r et ant\u00e9rieures",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSSL 1.0.0",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSSL 1.0.2",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    },
    {
      "description": "OpenSSL 1.0.0d et ant\u00e9rieures",
      "product": {
        "name": "OpenSSL",
        "vendor": {
          "name": "OpenSSL",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2015-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
    },
    {
      "name": "CVE-2015-4000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4000"
    },
    {
      "name": "CVE-2015-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
    },
    {
      "name": "CVE-2015-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
    },
    {
      "name": "CVE-2015-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
    },
    {
      "name": "CVE-2014-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8176"
    },
    {
      "name": "CVE-2015-1790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1790"
    }
  ],
  "initial_release_date": "2015-06-12T00:00:00",
  "last_revision_date": "2015-06-12T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 OpenSSL secadv_20150611 du 11 juin    2015",
      "url": "https://www.openssl.org/news/secadv_20150611.txt"
    }
  ],
  "reference": "CERTFR-2015-AVI-257",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2015-06-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eOpenSSL\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans OpenSSL",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 OpenSSL secadv_20150611 du 11 juin 2015",
      "url": null
    }
  ]
}

CERTFR-2021-AVI-033

Vulnerability from certfr_avis - Published: 2021-01-14 - Updated: 2021-01-14

De multiples vulnérabilités ont été découvertes dans les produits Juniper. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Juniper Networks SRC Series versions antérieures à 4.12.0R6
Juniper Networks	N/A	Juniper Networks Contrail Networking versions antérieures à 1911.31
Juniper Networks	Junos OS Evolved	Juniper Junos OS Evolved versions antérieures à 19.3R2-S5-EVO, 19.4R2-S2-EVO, 20.1R1-S2-EVO, 20.1R1-S4-EVO, 20.1R2-S1-EVO, 20.2R1-EVO, 20.3R1-S1-EVO, 20.3R2-EVO et 20.4R1-EVO
Juniper Networks	Junos OS	Juniper Junos OS versions antérieures à 12.3R12-S17, 12.3X48-D105, 14.1X53-D53, 15.1R7-S6, 15.1R7-S7, 15.1R7-S8, 15.1X49-D230, 15.1X49-D240, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.2R3-S3, 17.2R3-S4, 17.3R2-S5, 17.3R3-S10, 17.3R3-S7, 17.3R3-S8, 17.3R3-S9, 17.4R2-S11, 17.4R2-S12, 17.4R2-S9, 17.4R3, 17.4R3-S2, 17.4R3-S3, 17.4R3-S4, 18.1R3-S10, 18.1R3-S11, 18.1R3-S12, 18.1R3-S9, 18.2R2-S7, 18.2R2-S8, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2R3-S6, 18.2R3-S7, 18.2X75-D34, 18.3R2-S4, 18.3R3-S1, 18.3R3-S2, 18.3R3-S3, 18.3R3-S4, 18.4R1-S5, 18.4R1-S8, 18.4R2-S3, 18.4R2-S5, 18.4R2-S6, 18.4R2-S7, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3, 18.4R3-S4, 18.4R3-S5, 18.4R3-S6, 19.1R1-S4, 19.1R1-S5, 19.1R1-S6, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.1R3-S3, 19.2R1-S2, 19.2R1-S5, 19.2R1-S6, 19.2R2, 19.2R2-S1, 19.2R3, 19.2R3-S1, 19.3R2, 19.3R2-S1, 19.3R2-S3, 19.3R2-S4, 19.3R2-S5, 19.3R3, 19.3R3-S1, 19.4R1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R2-S1, 19.4R2-S2, 19.4R2-S3, 19.4R3, 19.4R3-S1, 20.1R1 , 20.1R1-S2, 20.1R1-S3, 20.1R1-S4, 20.1R2, 20.2R1, 20.2R1-S1, 20.2R1-S2, 20.2R1-S3, 20.2R2, 20.3R1, 20.3R1-S1, 20.3R2 et 20.4R1

References

Title

Publication Time

Tags

Bulletin de sécurité Juniper JSA11096 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11098 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11097 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11094 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11104 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11099 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11093 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11101 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11088 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11092 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11091 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11100 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11095 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11090 du 13 janvier 2021	None	vendor-advisory
Bulletin de sécurité Juniper JSA11102 du 13 janvier 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Juniper Networks SRC Series versions ant\u00e9rieures \u00e0 4.12.0R6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Networks Contrail Networking versions ant\u00e9rieures \u00e0 1911.31",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS Evolved versions ant\u00e9rieures \u00e0 19.3R2-S5-EVO, 19.4R2-S2-EVO, 20.1R1-S2-EVO, 20.1R1-S4-EVO, 20.1R2-S1-EVO, 20.2R1-EVO, 20.3R1-S1-EVO, 20.3R2-EVO et 20.4R1-EVO",
      "product": {
        "name": "Junos OS Evolved",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    },
    {
      "description": "Juniper Junos OS versions ant\u00e9rieures \u00e0 12.3R12-S17, 12.3X48-D105, 14.1X53-D53, 15.1R7-S6, 15.1R7-S7, 15.1R7-S8, 15.1X49-D230, 15.1X49-D240, 16.1R7-S7, 16.1R7-S8, 17.1R2-S11, 17.2R3-S3, 17.2R3-S4, 17.3R2-S5, 17.3R3-S10, 17.3R3-S7, 17.3R3-S8, 17.3R3-S9, 17.4R2-S11, 17.4R2-S12, 17.4R2-S9, 17.4R3, 17.4R3-S2, 17.4R3-S3, 17.4R3-S4, 18.1R3-S10, 18.1R3-S11, 18.1R3-S12, 18.1R3-S9, 18.2R2-S7, 18.2R2-S8, 18.2R3-S3, 18.2R3-S4, 18.2R3-S5, 18.2R3-S6, 18.2R3-S7, 18.2X75-D34, 18.3R2-S4, 18.3R3-S1, 18.3R3-S2, 18.3R3-S3, 18.3R3-S4, 18.4R1-S5, 18.4R1-S8, 18.4R2-S3, 18.4R2-S5, 18.4R2-S6, 18.4R2-S7, 18.4R3, 18.4R3-S1, 18.4R3-S2, 18.4R3-S3, 18.4R3-S4, 18.4R3-S5, 18.4R3-S6, 19.1R1-S4, 19.1R1-S5, 19.1R1-S6, 19.1R2-S1, 19.1R2-S2, 19.1R3, 19.1R3-S2, 19.1R3-S3, 19.2R1-S2, 19.2R1-S5, 19.2R1-S6, 19.2R2, 19.2R2-S1, 19.2R3, 19.2R3-S1, 19.3R2, 19.3R2-S1, 19.3R2-S3, 19.3R2-S4, 19.3R2-S5, 19.3R3, 19.3R3-S1, 19.4R1, 19.4R1-S2, 19.4R1-S3, 19.4R2, 19.4R2-S1, 19.4R2-S2, 19.4R2-S3, 19.4R3, 19.4R3-S1, 20.1R1 , 20.1R1-S2, 20.1R1-S3, 20.1R1-S4, 20.1R2, 20.2R1, 20.2R1-S1, 20.2R1-S2, 20.2R1-S3, 20.2R2, 20.3R1, 20.3R1-S1, 20.3R2 et 20.4R1",
      "product": {
        "name": "Junos OS",
        "vendor": {
          "name": "Juniper Networks",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0207"
    },
    {
      "name": "CVE-2021-0222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0222"
    },
    {
      "name": "CVE-2018-20997",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20997"
    },
    {
      "name": "CVE-2010-0742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-0742"
    },
    {
      "name": "CVE-2013-1741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-1741"
    },
    {
      "name": "CVE-2021-0206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0206"
    },
    {
      "name": "CVE-2010-4252",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-4252"
    },
    {
      "name": "CVE-2015-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
    },
    {
      "name": "CVE-2012-2110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2110"
    },
    {
      "name": "CVE-2019-11478",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11478"
    },
    {
      "name": "CVE-2021-0202",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0202"
    },
    {
      "name": "CVE-2007-5846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5846"
    },
    {
      "name": "CVE-2013-5607",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-5607"
    },
    {
      "name": "CVE-2021-0211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0211"
    },
    {
      "name": "CVE-2014-3567",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-3567"
    },
    {
      "name": "CVE-2020-8617",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8617"
    },
    {
      "name": "CVE-2021-0203",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0203"
    },
    {
      "name": "CVE-2021-0205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0205"
    },
    {
      "name": "CVE-2009-3245",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-3245"
    },
    {
      "name": "CVE-2019-11479",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11479"
    },
    {
      "name": "CVE-2021-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0209"
    },
    {
      "name": "CVE-2014-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8176"
    },
    {
      "name": "CVE-2019-11477",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-11477"
    },
    {
      "name": "CVE-2011-4109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2011-4109"
    },
    {
      "name": "CVE-2010-3864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2010-3864"
    },
    {
      "name": "CVE-2021-0208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0208"
    },
    {
      "name": "CVE-2019-13565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13565"
    },
    {
      "name": "CVE-2021-0212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0212"
    },
    {
      "name": "CVE-2020-8616",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8616"
    },
    {
      "name": "CVE-2021-0210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-0210"
    },
    {
      "name": "CVE-2014-1545",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-1545"
    }
  ],
  "initial_release_date": "2021-01-14T00:00:00",
  "last_revision_date": "2021-01-14T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-033",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-01-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11096 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11096\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11098 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11098\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11097 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11097\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11094 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11094\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11104 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11104\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11099 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11099\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11093 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11093\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11101 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11101\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11088 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11088\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11092 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11092\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11091 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11091\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11100 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11100\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11095 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11095\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11090 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11090\u0026cat=SIRT_1\u0026actp=LIST"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA11102 du 13 janvier 2021",
      "url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA11102\u0026cat=SIRT_1\u0026actp=LIST"
    }
  ]
}

CERTFR-2022-AVI-1094

Vulnerability from certfr_avis - Published: 2022-12-13 - Updated: 2022-12-13

De multiples vulnérabilités ont été découvertes dans les produits Siemens. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
Siemens	N/A	SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) versions antérieures à V3.0.1
Siemens	N/A	SIPROTEC 5, pour plus d'informations, veuillez-vous référer aux avis éditeur : https://cert-portal.siemens.com/productcert/html/ssa-552874.html et https://cert-portal.siemens.com/productcert/html/ssa-223771.html
Siemens	N/A	Teamcenter Visualization V13.2.x antérieures à V13.2.0.12
Siemens	N/A	TALON TC Series (BACnet) versions antérieures à V3.5.5
Siemens	N/A	SICAM PAS/PQS versions 8.x antérieures à 8.06
Siemens	N/A	Parasolid versions V35.0.x antérieures à V35.0.170
Siemens	N/A	SIMATIC WinCC Runtime Professional V15 versions antérieures à V15.1 Update 5
Siemens	N/A	PLM Help Server V4.2 toutes versions
Siemens	N/A	SICAM PAS/PQS versions antérieures à 7.0
Siemens	N/A	SIMATIC NET PC Software V15 toutes versions
Siemens	N/A	SINUMERIK Operate versions antérieures à V6.14
Siemens	N/A	SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions
Siemens	N/A	Polarion ALM toutes versions
Siemens	N/A	APOGEE PXC Series (P2 Ethernet) versions antérieures à V2.8.20
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) V13 versions antérieures à V13 SP2 Update 4
Siemens	N/A	Mendix Email Connector versions antérieures à 2.0.0
Siemens	N/A	SIMATIC WinCC Runtime Professional V16 versions antérieures à V16 Update 2
Siemens	N/A	JT2Go toutes versions
Siemens	N/A	SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) toutes versions
Siemens	N/A	SIMATIC NET PC Software V14 versions antérieures à V14 SP1 Update 14
Siemens	N/A	APOGEE PXC Series (BACnet) versions antérieures à V3.5.5
Siemens	N/A	SCALANCE X-200RNA toutes versions
Siemens	N/A	SINAMICS STARTER versions antérieures à V5.4 HF2
Siemens	N/A	Simcenter STAR-CCM+ toutes versions
Siemens	N/A	SIMATIC Automation Tool versions antérieures à V4 SP2
Siemens	N/A	SIMATIC PCS neo versions antérieures à V3.0 SP1
Siemens	N/A	Parasolid versions V33.1.x antérieures à V33.1.264
Siemens	N/A	SIMATIC STEP 7 V5 versions antérieures à V5.6 SP2 HF3
Siemens	N/A	SIMATIC WinCC OA versions V3.18.x antérieures à V3.18 P014
Siemens	N/A	SIMATIC WinCC OA V3.17 versions antérieures à V3.17 P003
Siemens	N/A	SIMATIC WinCC V7.5 versions antérieures à V7.5 SP1 Update 3
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) V14 versions antérieures à V14 SP1 Update 10
Siemens	N/A	SIMATIC WinCC Runtime Professional V14 versions antérieures à V14 SP1 Update 10
Siemens	N/A	SINEC NMS versions antérieures à V1.0 SP2
Siemens	N/A	Parasolid versions V34.1.x antérieures à V34.1.242
Siemens	N/A	SIMATIC Drive Controller family versions antérieures à V3.0.1
Siemens	N/A	Teamcenter Visualization V13.3.x
Siemens	N/A	Parasolid versions V34.0.x antérieures à V34.0.252
Siemens	N/A	SCALANCE, pour plus d'informations, veuillez-vous référer aux avis éditeur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html, https://cert-portal.siemens.com/productcert/html/ssa-333517.html, https://cert-portal.siemens.com/productcert/html/ssa-363821.html et https://cert-portal.siemens.com/productcert/html/ssa-412672.html
Siemens	N/A	Teamcenter Visualization V14.1.x antérieures à V14.1.0.6
Siemens	N/A	Mcenter versions supérieures ou égales à V5.2.1.0
Siemens	N/A	SINEMA Server versions antérieures à V14 SP3
Siemens	N/A	SIMATIC WinCC OA versions V3.17.x antérieures à V3.17 P024
Siemens	N/A	SIMATIC WinCC OA versions V3.15.x
Siemens	N/A	TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions
Siemens	N/A	SIMATIC S7-PLCSIM Advanced versions antérieures à V5.0
Siemens	N/A	SIMATIC RTLS Locating Manager (6GT2780-0DA00) versions supérieures ou égales à V2.13
Siemens	N/A	RUGGEDCOM, pour plus d'informations, veuillez-vous référer à l'avis éditeur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html
Siemens	N/A	SICAM GridPass (6MD7711-2AA00-1EA0) versions supérieures ou égales à V1.80
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) V15 versions antérieures à V15.1 Update 5
Siemens	N/A	Teamcenter Visualization V14.0.x
Siemens	N/A	SIMATIC WinCC OA versions V3.16.x antérieures à V3.16 P035
Siemens	N/A	SIMATIC WinCC Runtime Advanced versions antérieures à V16 Update 2
Siemens	N/A	SIMATIC WinCC V7.4 versions antérieures à V7.4 SP1 Update 14
Siemens	N/A	SIMATIC WinCC Runtime Professional V13 versions antérieures à V13 SP2 Update 4
Siemens	N/A	SIMATIC NET PC Software V16 versions antérieures à V16 Upd3
Siemens	N/A	SIMATIC ProSave versions antérieures à V17
Siemens	N/A	SIMATIC S7-1500 Software Controller versions antérieures à V21.8
Siemens	N/A	Mendix Workflow Commons versions antérieures à 2.4.0
Siemens	N/A	SINAMICS Startdrive versions antérieures à V16 Update 3
Siemens	N/A	SIMATIC STEP 7 (TIA Portal) V16 versions antérieures à V16 Update 2
Siemens	N/A	SIMATIC S7-1200 CPU family (incl. SIPLUS variants) versions antérieures à V4.6.0
Siemens	N/A	SIMATIC S7-1500 Software Controller toutes versions
Siemens	N/A	SIMATIC WinCC OA V3.16 versions antérieures à V3.16 P018
Siemens	N/A	Calibre ICE versions supérieures ou égales à V2022.4
Siemens	N/A	SINUMERIK ONE virtual versions antérieures à V6.14

References

Title

Publication Time

Tags

Bulletin de sécurité Siemens

2022-12-13

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) versions ant\u00e9rieures \u00e0 V3.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPROTEC 5, pour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteur : https://cert-portal.siemens.com/productcert/html/ssa-552874.html et https://cert-portal.siemens.com/productcert/html/ssa-223771.html",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V13.2.x ant\u00e9rieures \u00e0 V13.2.0.12",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TALON TC Series (BACnet) versions ant\u00e9rieures \u00e0 V3.5.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM PAS/PQS versions 8.x ant\u00e9rieures \u00e0 8.06",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid versions V35.0.x ant\u00e9rieures \u00e0 V35.0.170",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V15 versions ant\u00e9rieures \u00e0 V15.1 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "PLM Help Server V4.2 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM PAS/PQS versions ant\u00e9rieures \u00e0 7.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V15 toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK Operate versions ant\u00e9rieures \u00e0 V6.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIPLUS TIM 1531 IRC (6AG1543-1MX00-7XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Polarion ALM toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Series (P2 Ethernet) versions ant\u00e9rieures \u00e0 V2.8.20",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) V13 versions ant\u00e9rieures \u00e0 V13 SP2 Update 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Email Connector versions ant\u00e9rieures \u00e0 2.0.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V16 versions ant\u00e9rieures \u00e0 V16 Update 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "JT2Go toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V14 versions ant\u00e9rieures \u00e0 V14 SP1 Update 14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "APOGEE PXC Series (BACnet) versions ant\u00e9rieures \u00e0 V3.5.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE X-200RNA toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS STARTER versions ant\u00e9rieures \u00e0 V5.4 HF2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Simcenter STAR-CCM+ toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Automation Tool versions ant\u00e9rieures \u00e0 V4 SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC PCS neo versions ant\u00e9rieures \u00e0 V3.0 SP1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid versions V33.1.x ant\u00e9rieures \u00e0 V33.1.264",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 V5 versions ant\u00e9rieures \u00e0 V5.6 SP2 HF3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA versions V3.18.x ant\u00e9rieures \u00e0 V3.18 P014",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA V3.17 versions ant\u00e9rieures \u00e0 V3.17 P003",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.5 versions ant\u00e9rieures \u00e0 V7.5 SP1 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) V14 versions ant\u00e9rieures \u00e0 V14 SP1 Update 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V14 versions ant\u00e9rieures \u00e0 V14 SP1 Update 10",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEC NMS versions ant\u00e9rieures \u00e0 V1.0 SP2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid versions V34.1.x ant\u00e9rieures \u00e0 V34.1.242",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC Drive Controller family versions ant\u00e9rieures \u00e0 V3.0.1",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V13.3.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Parasolid versions V34.0.x ant\u00e9rieures \u00e0 V34.0.252",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SCALANCE, pour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer aux avis \u00e9diteur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html, https://cert-portal.siemens.com/productcert/html/ssa-333517.html, https://cert-portal.siemens.com/productcert/html/ssa-363821.html et https://cert-portal.siemens.com/productcert/html/ssa-412672.html",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V14.1.x ant\u00e9rieures \u00e0 V14.1.0.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mcenter versions sup\u00e9rieures ou \u00e9gales \u00e0 V5.2.1.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINEMA Server versions ant\u00e9rieures \u00e0 V14 SP3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA versions V3.17.x ant\u00e9rieures \u00e0 V3.17 P024",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA versions V3.15.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "TIM 1531 IRC (6GK7543-1MX00-0XE0) toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-PLCSIM Advanced versions ant\u00e9rieures \u00e0 V5.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC RTLS Locating Manager (6GT2780-0DA00) versions sup\u00e9rieures ou \u00e9gales \u00e0 V2.13",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "RUGGEDCOM, pour plus d\u0027informations, veuillez-vous r\u00e9f\u00e9rer \u00e0 l\u0027avis \u00e9diteur : https://cert-portal.siemens.com/productcert/html/ssa-413565.html",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SICAM GridPass (6MD7711-2AA00-1EA0) versions sup\u00e9rieures ou \u00e9gales \u00e0 V1.80",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) V15 versions ant\u00e9rieures \u00e0 V15.1 Update 5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Teamcenter Visualization V14.0.x",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA versions V3.16.x ant\u00e9rieures \u00e0 V3.16 P035",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Advanced versions ant\u00e9rieures \u00e0 V16 Update 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC V7.4 versions ant\u00e9rieures \u00e0 V7.4 SP1 Update 14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC Runtime Professional V13 versions ant\u00e9rieures \u00e0 V13 SP2 Update 4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC NET PC Software V16 versions ant\u00e9rieures \u00e0 V16 Upd3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC ProSave versions ant\u00e9rieures \u00e0 V17",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 Software Controller versions ant\u00e9rieures \u00e0 V21.8",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Mendix Workflow Commons versions ant\u00e9rieures \u00e0 2.4.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINAMICS Startdrive versions ant\u00e9rieures \u00e0 V16 Update 3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC STEP 7 (TIA Portal) V16 versions ant\u00e9rieures \u00e0 V16 Update 2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1200 CPU family (incl. SIPLUS variants) versions ant\u00e9rieures \u00e0 V4.6.0",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC S7-1500 Software Controller toutes versions",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SIMATIC WinCC OA V3.16 versions ant\u00e9rieures \u00e0 V3.16 P018",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "Calibre ICE versions sup\u00e9rieures ou \u00e9gales \u00e0 V2022.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    },
    {
      "description": "SINUMERIK ONE virtual versions ant\u00e9rieures \u00e0 V6.14",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Siemens",
          "scada": true
        }
      }
    }
  ],
  "affected_systems_content": "",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2022-46345",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46345"
    },
    {
      "name": "CVE-2020-28388",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-28388"
    },
    {
      "name": "CVE-2015-0208",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0208"
    },
    {
      "name": "CVE-2016-0703",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0703"
    },
    {
      "name": "CVE-2021-40365",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-40365"
    },
    {
      "name": "CVE-2022-41279",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41279"
    },
    {
      "name": "CVE-2022-46353",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46353"
    },
    {
      "name": "CVE-2016-0701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0701"
    },
    {
      "name": "CVE-2019-6110",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6110"
    },
    {
      "name": "CVE-2022-46352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46352"
    },
    {
      "name": "CVE-2015-5600",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5600"
    },
    {
      "name": "CVE-2022-46347",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46347"
    },
    {
      "name": "CVE-2022-46349",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46349"
    },
    {
      "name": "CVE-2015-0292",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0292"
    },
    {
      "name": "CVE-2015-6563",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6563"
    },
    {
      "name": "CVE-2015-0286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0286"
    },
    {
      "name": "CVE-2015-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1791"
    },
    {
      "name": "CVE-2022-46351",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46351"
    },
    {
      "name": "CVE-2015-6564",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6564"
    },
    {
      "name": "CVE-2015-3195",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3195"
    },
    {
      "name": "CVE-2016-0777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0777"
    },
    {
      "name": "CVE-2003-1562",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-1562"
    },
    {
      "name": "CVE-2016-0800",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0800"
    },
    {
      "name": "CVE-2016-2105",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2105"
    },
    {
      "name": "CVE-2016-2177",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2177"
    },
    {
      "name": "CVE-2022-41280",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41280"
    },
    {
      "name": "CVE-2016-2176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2176"
    },
    {
      "name": "CVE-2019-6109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6109"
    },
    {
      "name": "CVE-2022-46346",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46346"
    },
    {
      "name": "CVE-2022-41283",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41283"
    },
    {
      "name": "CVE-2022-46144",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46144"
    },
    {
      "name": "CVE-2016-6302",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6302"
    },
    {
      "name": "CVE-2022-45044",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45044"
    },
    {
      "name": "CVE-2018-4842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4842"
    },
    {
      "name": "CVE-2022-44731",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44731"
    },
    {
      "name": "CVE-2022-46355",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46355"
    },
    {
      "name": "CVE-2016-6303",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6303"
    },
    {
      "name": "CVE-2015-0288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0288"
    },
    {
      "name": "CVE-2022-41288",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41288"
    },
    {
      "name": "CVE-2019-1552",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-1552"
    },
    {
      "name": "CVE-2016-1907",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1907"
    },
    {
      "name": "CVE-2016-2178",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2178"
    },
    {
      "name": "CVE-2022-43517",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43517"
    },
    {
      "name": "CVE-2016-10011",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10011"
    },
    {
      "name": "CVE-2015-6565",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6565"
    },
    {
      "name": "CVE-2022-3160",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3160"
    },
    {
      "name": "CVE-2016-6307",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6307"
    },
    {
      "name": "CVE-2016-2179",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2179"
    },
    {
      "name": "CVE-2022-3786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3786"
    },
    {
      "name": "CVE-2015-4000",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-4000"
    },
    {
      "name": "CVE-2022-41282",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41282"
    },
    {
      "name": "CVE-2015-3194",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3194"
    },
    {
      "name": "CVE-2015-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1789"
    },
    {
      "name": "CVE-2022-46350",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46350"
    },
    {
      "name": "CVE-2022-46142",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46142"
    },
    {
      "name": "CVE-2015-0290",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0290"
    },
    {
      "name": "CVE-2016-6304",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6304"
    },
    {
      "name": "CVE-2022-46348",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46348"
    },
    {
      "name": "CVE-2022-46140",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46140"
    },
    {
      "name": "CVE-2016-1908",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-1908"
    },
    {
      "name": "CVE-2016-2107",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2107"
    },
    {
      "name": "CVE-2019-16905",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-16905"
    },
    {
      "name": "CVE-2016-10009",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10009"
    },
    {
      "name": "CVE-2016-2181",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2181"
    },
    {
      "name": "CVE-2019-6111",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-6111"
    },
    {
      "name": "CVE-2016-8858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-8858"
    },
    {
      "name": "CVE-2016-6515",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6515"
    },
    {
      "name": "CVE-2015-3197",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3197"
    },
    {
      "name": "CVE-2022-41281",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41281"
    },
    {
      "name": "CVE-2018-25032",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-25032"
    },
    {
      "name": "CVE-2013-0169",
      "url": "https://www.cve.org/CVERecord?id=CVE-2013-0169"
    },
    {
      "name": "CVE-2015-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1788"
    },
    {
      "name": "CVE-2016-2106",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2106"
    },
    {
      "name": "CVE-2015-0207",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0207"
    },
    {
      "name": "CVE-2015-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1792"
    },
    {
      "name": "CVE-2020-7580",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7580"
    },
    {
      "name": "CVE-2015-0285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0285"
    },
    {
      "name": "CVE-2016-0799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0799"
    },
    {
      "name": "CVE-2015-1794",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1794"
    },
    {
      "name": "CVE-2022-34821",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-34821"
    },
    {
      "name": "CVE-2016-6308",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6308"
    },
    {
      "name": "CVE-2021-44694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44694"
    },
    {
      "name": "CVE-2016-6306",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6306"
    },
    {
      "name": "CVE-2017-15906",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-15906"
    },
    {
      "name": "CVE-2021-44695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44695"
    },
    {
      "name": "CVE-2022-3161",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3161"
    },
    {
      "name": "CVE-2016-10010",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10010"
    },
    {
      "name": "CVE-2022-45936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45936"
    },
    {
      "name": "CVE-2022-46265",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46265"
    },
    {
      "name": "CVE-2016-0704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0704"
    },
    {
      "name": "CVE-2016-0702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0702"
    },
    {
      "name": "CVE-2017-3735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
    },
    {
      "name": "CVE-2022-32205",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32205"
    },
    {
      "name": "CVE-2014-8176",
      "url": "https://www.cve.org/CVERecord?id=CVE-2014-8176"
    },
    {
      "name": "CVE-2016-2183",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2183"
    },
    {
      "name": "CVE-2015-3193",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3193"
    },
    {
      "name": "CVE-2022-43723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43723"
    },
    {
      "name": "CVE-2018-15473",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-15473"
    },
    {
      "name": "CVE-2015-0293",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0293"
    },
    {
      "name": "CVE-2022-45484",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45484"
    },
    {
      "name": "CVE-2015-5352",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-5352"
    },
    {
      "name": "CVE-2015-0287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0287"
    },
    {
      "name": "CVE-2003-0190",
      "url": "https://www.cve.org/CVERecord?id=CVE-2003-0190"
    },
    {
      "name": "CVE-2018-20685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-20685"
    },
    {
      "name": "CVE-2016-6305",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6305"
    },
    {
      "name": "CVE-2015-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1787"
    },
    {
      "name": "CVE-2016-0798",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0798"
    },
    {
      "name": "CVE-2022-46143",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46143"
    },
    {
      "name": "CVE-2022-41286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41286"
    },
    {
      "name": "CVE-2016-10012",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10012"
    },
    {
      "name": "CVE-2022-41278",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41278"
    },
    {
      "name": "CVE-2022-32206",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-32206"
    },
    {
      "name": "CVE-2015-8325",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-8325"
    },
    {
      "name": "CVE-2022-41287",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41287"
    },
    {
      "name": "CVE-2022-45937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-45937"
    },
    {
      "name": "CVE-2022-46354",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46354"
    },
    {
      "name": "CVE-2022-43724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43724"
    },
    {
      "name": "CVE-2022-43722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-43722"
    },
    {
      "name": "CVE-2016-6210",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-6210"
    },
    {
      "name": "CVE-2015-3196",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-3196"
    },
    {
      "name": "CVE-2015-0209",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0209"
    },
    {
      "name": "CVE-2022-41284",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41284"
    },
    {
      "name": "CVE-2016-2842",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2842"
    },
    {
      "name": "CVE-2015-0291",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0291"
    },
    {
      "name": "CVE-2016-2180",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2180"
    },
    {
      "name": "CVE-2021-44693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-44693"
    },
    {
      "name": "CVE-2022-3602",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3602"
    },
    {
      "name": "CVE-2016-2182",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2182"
    },
    {
      "name": "CVE-2016-0797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0797"
    },
    {
      "name": "CVE-2015-6574",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-6574"
    },
    {
      "name": "CVE-2015-0289",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0289"
    },
    {
      "name": "CVE-2016-0705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0705"
    },
    {
      "name": "CVE-2019-13924",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-13924"
    },
    {
      "name": "CVE-2016-2109",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2109"
    },
    {
      "name": "CVE-2016-2108",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2108"
    },
    {
      "name": "CVE-2022-44575",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-44575"
    },
    {
      "name": "CVE-2022-41285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-41285"
    },
    {
      "name": "CVE-2022-46664",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-46664"
    },
    {
      "name": "CVE-2022-30065",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-30065"
    },
    {
      "name": "CVE-2022-3159",
      "url": "https://www.cve.org/CVERecord?id=CVE-2022-3159"
    },
    {
      "name": "CVE-2015-1790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1790"
    },
    {
      "name": "CVE-2016-0778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0778"
    },
    {
      "name": "CVE-2018-4848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2018-4848"
    }
  ],
  "initial_release_date": "2022-12-13T00:00:00",
  "last_revision_date": "2022-12-13T00:00:00",
  "links": [],
  "reference": "CERTFR-2022-AVI-1094",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2022-12-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
  "vendor_advisories": [
    {
      "published_at": "2022-12-13",
      "title": "Bulletin de s\u00e9curit\u00e9 Siemens",
      "url": "https://cert-portal.siemens.com/productcert/html/ssa-180579.html"
    }
  ]
}

CVE-2014-8176

Vulnerability from fstec - Published: 12.06.2015

Title

Уязвимость функции dtls1_clear_queues библиотеки OpenSSL, позволяющая нарушителю вызвать отказ в обслуживании или, возможно, оказать другое воздействие

Description

Уязвимость функции dtls1_clear_queues библиотеки OpenSSL вызвана переполнением буфера. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, вызвать отказ в обслуживании или, возможно, оказать другое воздействие

Severity ?


                    
                      AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vendor

Canonical Ltd., Red Hat Inc., Сообщество свободного программного обеспечения, OpenSSL Software Foundation

Software Name

Ubuntu, Red Hat Enterprise Linux, Debian GNU/Linux, OpenSSL

Software Version

14.10 (Ubuntu), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 12.04 (Ubuntu), 15.04 (Ubuntu), 9 (Debian GNU/Linux), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 7 (Debian GNU/Linux), 11 (Debian GNU/Linux), 1.0.1c (OpenSSL), 1.0.1d (OpenSSL), 1.0.1e (OpenSSL), 1.0.1f (OpenSSL), 1.0.1a (OpenSSL), 1.0.1b (OpenSSL), 1.0.1 (OpenSSL), 1.0.1g (OpenSSL), 6 (Debian GNU/Linux), до 0.9.8z включительно (OpenSSL), 1.0.0a (OpenSSL), 1.0.0b (OpenSSL), 1.0.0c (OpenSSL), 1.0.0j (OpenSSL), 1.0.0k (OpenSSL), 1.0.0beta4 (OpenSSL), 1.0.0beta5 (OpenSSL), 1.0.0h (OpenSSL), 1.0.0i (OpenSSL), 1.0.1beta3 (OpenSSL), 1.0.0beta2 (OpenSSL), 1.0.0beta3 (OpenSSL), 1.0.0f (OpenSSL), 1.0.0g (OpenSSL), 1.0.1beta1 (OpenSSL), 1.0.1beta2 (OpenSSL), 1.0.0 (OpenSSL), 1.0.0beta1 (OpenSSL), 1.0.0d (OpenSSL), 1.0.0e (OpenSSL), 1.0.0l (OpenSSL)

Possible Mitigations

Использование рекомендаций: https://www.openssl.org/news/secadv_20150611.txt Для программных продуктов Red Hat Inc.: https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8176.xml Для Ubuntu: https://ubuntu.com/security/CVE-2014-8176 Для Debian GNU/Linux: https://security-tracker.debian.org/tracker/CVE-2014-8176

Reference

https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7 https://rt.openssl.org/Ticket/Display.html?id=3286&user=guest&pass=guest https://www.openssl.org/news/secadv_20150611.txt https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351 http://www.securityfocus.com/bid/75159 https://openssl.org/news/secadv/20150611.txt http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015 http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015 https://bto.bluecoat.com/security-advisory/sa98 https://security.gentoo.org/glsa/201506-02 http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc https://kc.mcafee.com/corporate/index?page=content&id=SB10122 http://rhn.redhat.com/errata/RHSA-2015-1115.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html http://www.ubuntu.com/usn/USN-2639-1 http://www.securitytracker.com/id/1032564 http://www.debian.org/security/2015/dsa-3287 http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl http://rhn.redhat.com/errata/RHSA-2016-2957.html

CWE

CWE-119

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
  "CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Canonical Ltd., Red Hat Inc., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, OpenSSL Software Foundation",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "14.10 (Ubuntu), 6 (Red Hat Enterprise Linux), 7 (Red Hat Enterprise Linux), 12.04 (Ubuntu), 15.04 (Ubuntu), 9 (Debian GNU/Linux), 14.04 ESM (Ubuntu), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 7 (Debian GNU/Linux), 11 (Debian GNU/Linux), 1.0.1c (OpenSSL), 1.0.1d (OpenSSL), 1.0.1e (OpenSSL), 1.0.1f (OpenSSL), 1.0.1a (OpenSSL), 1.0.1b (OpenSSL), 1.0.1 (OpenSSL), 1.0.1g (OpenSSL), 6 (Debian GNU/Linux), \u0434\u043e 0.9.8z \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (OpenSSL), 1.0.0a (OpenSSL), 1.0.0b (OpenSSL), 1.0.0c (OpenSSL), 1.0.0j (OpenSSL), 1.0.0k (OpenSSL), 1.0.0beta4 (OpenSSL), 1.0.0beta5 (OpenSSL), 1.0.0h (OpenSSL), 1.0.0i (OpenSSL), 1.0.1beta3 (OpenSSL), 1.0.0beta2 (OpenSSL), 1.0.0beta3 (OpenSSL), 1.0.0f (OpenSSL), 1.0.0g (OpenSSL), 1.0.1beta1 (OpenSSL), 1.0.1beta2 (OpenSSL), 1.0.0 (OpenSSL), 1.0.0beta1 (OpenSSL), 1.0.0d (OpenSSL), 1.0.0e (OpenSSL), 1.0.0l (OpenSSL)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\nhttps://www.openssl.org/news/secadv_20150611.txt\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8176.xml\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/CVE-2014-8176\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://security-tracker.debian.org/tracker/CVE-2014-8176",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "12.06.2015",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "27.04.2022",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "27.04.2022",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2022-02639",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2014-8176",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Ubuntu, Red Hat Enterprise Linux, Debian GNU/Linux, OpenSSL",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Canonical Ltd. Ubuntu 14.10 , Red Hat Inc. Red Hat Enterprise Linux 6 , Red Hat Inc. Red Hat Enterprise Linux 7 , Canonical Ltd. Ubuntu 12.04 , Canonical Ltd. Ubuntu 15.04 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , Canonical Ltd. Ubuntu 14.04 ESM , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 7 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 11 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 6 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 dtls1_clear_queues \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 OpenSSL, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438, \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0434\u0440\u0443\u0433\u043e\u0435 \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0412\u044b\u0445\u043e\u0434 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u0438 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u044b \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-119)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 dtls1_clear_queues \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 OpenSSL \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0438\u043b\u0438, \u0432\u043e\u0437\u043c\u043e\u0436\u043d\u043e, \u043e\u043a\u0430\u0437\u0430\u0442\u044c \u0434\u0440\u0443\u0433\u043e\u0435 \u0432\u043e\u0437\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0435",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7\nhttps://rt.openssl.org/Ticket/Display.html?id=3286\u0026user=guest\u0026pass=guest\nhttps://www.openssl.org/news/secadv_20150611.txt\nhttps://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351\nhttp://www.securityfocus.com/bid/75159\nhttps://openssl.org/news/secadv/20150611.txt\nhttp://fortiguard.com/advisory/openssl-vulnerabilities-june-2015\nhttp://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015\nhttps://bto.bluecoat.com/security-advisory/sa98\nhttps://security.gentoo.org/glsa/201506-02\nhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html\nhttp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc\nhttps://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122\nhttp://rhn.redhat.com/errata/RHSA-2015-1115.html\nhttp://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html\nhttp://www.ubuntu.com/usn/USN-2639-1\nhttp://www.securitytracker.com/id/1032564\nhttp://www.debian.org/security/2015/dsa-3287\nhttp://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl\nhttp://rhn.redhat.com/errata/RHSA-2016-2957.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e \u0437\u0430\u0449\u0438\u0442\u044b",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-119",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,3)"
}

FKIE_CVE-2014-8176

Vulnerability from fkie_nvd - Published: 2015-06-12 19:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
secalert@redhat.com	http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
secalert@redhat.com	http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
secalert@redhat.com	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2015-1115.html
secalert@redhat.com	http://rhn.redhat.com/errata/RHSA-2016-2957.html
secalert@redhat.com	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl
secalert@redhat.com	http://www.debian.org/security/2015/dsa-3287
secalert@redhat.com	http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
secalert@redhat.com	http://www.securityfocus.com/bid/75159
secalert@redhat.com	http://www.securitytracker.com/id/1032564
secalert@redhat.com	http://www.ubuntu.com/usn/USN-2639-1
secalert@redhat.com	https://bto.bluecoat.com/security-advisory/sa98
secalert@redhat.com	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
secalert@redhat.com	https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7
secalert@redhat.com	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351	Third Party Advisory
secalert@redhat.com	https://kc.mcafee.com/corporate/index?page=content&id=SB10122
secalert@redhat.com	https://openssl.org/news/secadv/20150611.txt
secalert@redhat.com	https://rt.openssl.org/Ticket/Display.html?id=3286&user=guest&pass=guest	Exploit
secalert@redhat.com	https://security.gentoo.org/glsa/201506-02
secalert@redhat.com	https://www.openssl.org/news/secadv_20150611.txt	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015
af854a3a-2127-422b-91ae-364da2661108	http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2015-1115.html
af854a3a-2127-422b-91ae-364da2661108	http://rhn.redhat.com/errata/RHSA-2016-2957.html
af854a3a-2127-422b-91ae-364da2661108	http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2015/dsa-3287
af854a3a-2127-422b-91ae-364da2661108	http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/75159
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032564
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2639-1
af854a3a-2127-422b-91ae-364da2661108	https://bto.bluecoat.com/security-advisory/sa98
af854a3a-2127-422b-91ae-364da2661108	https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf
af854a3a-2127-422b-91ae-364da2661108	https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7
af854a3a-2127-422b-91ae-364da2661108	https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://kc.mcafee.com/corporate/index?page=content&id=SB10122
af854a3a-2127-422b-91ae-364da2661108	https://openssl.org/news/secadv/20150611.txt
af854a3a-2127-422b-91ae-364da2661108	https://rt.openssl.org/Ticket/Display.html?id=3286&user=guest&pass=guest	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201506-02
af854a3a-2127-422b-91ae-364da2661108	https://www.openssl.org/news/secadv_20150611.txt	Vendor Advisory

Impacted products

Vendor	Product	Version
openssl	openssl	*
openssl	openssl	1.0.0
openssl	openssl	1.0.0
openssl	openssl	1.0.0
openssl	openssl	1.0.0
openssl	openssl	1.0.0
openssl	openssl	1.0.0
openssl	openssl	1.0.0a
openssl	openssl	1.0.0b
openssl	openssl	1.0.0c
openssl	openssl	1.0.0d
openssl	openssl	1.0.0e
openssl	openssl	1.0.0f
openssl	openssl	1.0.0g
openssl	openssl	1.0.0h
openssl	openssl	1.0.0i
openssl	openssl	1.0.0j
openssl	openssl	1.0.0k
openssl	openssl	1.0.0l
openssl	openssl	1.0.1
openssl	openssl	1.0.1
openssl	openssl	1.0.1
openssl	openssl	1.0.1
openssl	openssl	1.0.1a
openssl	openssl	1.0.1b
openssl	openssl	1.0.1c
openssl	openssl	1.0.1d
openssl	openssl	1.0.1e
openssl	openssl	1.0.1f
openssl	openssl	1.0.1g

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A28EB262-0B86-4956-B15A-66E93EBA408F",
              "versionEndIncluding": "0.9.8z",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FBD8C92-6138-4274-ACBA-D7D42DAEC5AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "3A2075BD-6102-4B0F-839A-836E9585F43B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "2A2FA09E-2BF7-4968-B62D-00DA57F81EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "F02E634E-1E3D-4E44-BADA-76F92483A732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
              "matchCriteriaId": "FCC2B07A-49EF-411F-8A4D-89435E22B043",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
              "matchCriteriaId": "7E9480D6-3B6A-4C41-B8C1-C3F945040772",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
              "matchCriteriaId": "10FF0A06-DA61-4250-B083-67E55E362677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6BA453-C150-4159-B80B-5465EFF83F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
              "matchCriteriaId": "638A2E69-8AB6-4FEA-852A-FEF16A500C1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
              "matchCriteriaId": "56C47D3A-B99D-401D-B6B8-1194B2DB4809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
              "matchCriteriaId": "08355B10-E004-4BE6-A5AE-4D428810580B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
              "matchCriteriaId": "738BCFDC-1C49-4774-95AE-E099F707DEF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4B242C0-D27D-4644-AD19-5ACB853C9DC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DC683F2-4346-4E5E-A8D7-67B4F4D7827B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
              "matchCriteriaId": "764B7D38-BC1B-47DB-B1DF-D092BDA4BFCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
              "matchCriteriaId": "6604E7BE-9F9B-444D-A63A-F65D1CFDF3BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
              "matchCriteriaId": "132B9217-B0E0-4E3E-9096-162AA28E158E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
              "matchCriteriaId": "7619F9A0-9054-4217-93D1-3EA64876C5B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1C00C0-C77E-4255-9ECA-20F2673C7366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "21F16D65-8A46-4AC7-8970-73AB700035FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "92F393FF-7E6F-4671-BFBF-060162E12659",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "E1B85A09-CF8D-409D-966E-168F9959F6F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A66E6CF-39CF-412E-8EF0-8E10BA21B4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
              "matchCriteriaId": "C684FB18-FDDC-4BED-A28C-C23EE6CD0094",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
              "matchCriteriaId": "A74A79A7-4FAF-4C81-8622-050008B96AE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDACCB9-8D61-49EE-9957-9E58BC7BB031",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
              "matchCriteriaId": "4993DD56-F9E3-4AC8-AC3E-BF204B950DEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
              "matchCriteriaId": "E884B241-F9C3-44F8-A420-DE65F5F3D660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A383620-B4F7-44A7-85DA-A4FF2E115D80",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n dtls1_clear_queues en ssl/d1_lib.c en OpenSSL anterior a 0.9.8za, 1.0.0 anterior a 1.0.0m, y 1.0.1 anterior a 1.0.1h libera estructuras de datos sin considerar que los datos de la aplicaci\u00f3n puedan llegar entre un mensaje ChangeCipherSpec y un mensaje Finished, lo que permite a pares remotos de DTLS causar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria y ca\u00edda de aplicaci\u00f3n) o posiblemente tener otro impacto no especificado a trav\u00e9s de datos de la aplicaci\u00f3n no esperados."
    }
  ],
  "id": "CVE-2014-8176",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-06-12T19:59:00.070",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2015/dsa-3287"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/75159"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1032564"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-2639-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bto.bluecoat.com/security-advisory/sa98"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://openssl.org/news/secadv/20150611.txt"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "https://rt.openssl.org/Ticket/Display.html?id=3286\u0026user=guest\u0026pass=guest"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://security.gentoo.org/glsa/201506-02"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openssl.org/news/secadv_20150611.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2015/dsa-3287"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/75159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032564"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-2639-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bto.bluecoat.com/security-advisory/sa98"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://openssl.org/news/secadv/20150611.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "https://rt.openssl.org/Ticket/Display.html?id=3286\u0026user=guest\u0026pass=guest"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201506-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openssl.org/news/secadv_20150611.txt"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CNVD-2015-03812

Vulnerability from cnvd - Published: 2015-06-17

Title

OpenSSL dtls1_clear_queues函数拒绝服务漏洞

Description

OpenSSL是一种开放源码的SSL实现，用来实现网络通信的高强度加密，现在被广泛地用于各种网络应用程序中。 OpenSSL的ssl/d1_lib.c文件中的‘dtls1_clear_queues’函数存在安全漏洞，由于程序缓冲ChangeCipherSpec和Finished消息之间的应用程序数据时未能正确释放数据结构。允许远程攻击者利用此漏洞使内存破坏及应用崩溃，可造成拒绝服务。

Severity

高

Patch Name

OpenSSL dtls1_clear_queues函数拒绝服务漏洞的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： https://www.openssl.org/news/secadv_20150611.txt

Reference

https://www.openssl.org/news/secadv_20150611.txt https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8176

Impacted products

Name
['OpenSSL OpenSSL <0.9.8zg', 'OpenSSL OpenSSL 1.0.0(<1.0.0s)', 'OpenSSL OpenSSL 1.0.1(<1.0.1n)', 'OpenSSL OpenSSL 1.0.2(<1.0.2b)']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "75159"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2014-8176"
    }
  },
  "description": "OpenSSL\u662f\u4e00\u79cd\u5f00\u653e\u6e90\u7801\u7684SSL\u5b9e\u73b0\uff0c\u7528\u6765\u5b9e\u73b0\u7f51\u7edc\u901a\u4fe1\u7684\u9ad8\u5f3a\u5ea6\u52a0\u5bc6\uff0c\u73b0\u5728\u88ab\u5e7f\u6cdb\u5730\u7528\u4e8e\u5404\u79cd\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u4e2d\u3002 \r\n\r\nOpenSSL\u7684ssl/d1_lib.c\u6587\u4ef6\u4e2d\u7684\u2018dtls1_clear_queues\u2019\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7a0b\u5e8f\u7f13\u51b2ChangeCipherSpec\u548cFinished\u6d88\u606f\u4e4b\u95f4\u7684\u5e94\u7528\u7a0b\u5e8f\u6570\u636e\u65f6\u672a\u80fd\u6b63\u786e\u91ca\u653e\u6570\u636e\u7ed3\u6784\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u4f7f\u5185\u5b58\u7834\u574f\u53ca\u5e94\u7528\u5d29\u6e83\uff0c\u53ef\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "discovererName": "Emilia K\u00e4sper of the OpenSSL development team.",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttps://www.openssl.org/news/secadv_20150611.txt",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-03812",
  "openTime": "2015-06-17",
  "patchDescription": "OpenSSL\u662f\u4e00\u79cd\u5f00\u653e\u6e90\u7801\u7684SSL\u5b9e\u73b0\uff0c\u7528\u6765\u5b9e\u73b0\u7f51\u7edc\u901a\u4fe1\u7684\u9ad8\u5f3a\u5ea6\u52a0\u5bc6\uff0c\u73b0\u5728\u88ab\u5e7f\u6cdb\u5730\u7528\u4e8e\u5404\u79cd\u7f51\u7edc\u5e94\u7528\u7a0b\u5e8f\u4e2d\u3002 \r\n\r\nOpenSSL\u7684ssl/d1_lib.c\u6587\u4ef6\u4e2d\u7684\u2018dtls1_clear_queues\u2019\u51fd\u6570\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7a0b\u5e8f\u7f13\u51b2ChangeCipherSpec\u548cFinished\u6d88\u606f\u4e4b\u95f4\u7684\u5e94\u7528\u7a0b\u5e8f\u6570\u636e\u65f6\u672a\u80fd\u6b63\u786e\u91ca\u653e\u6570\u636e\u7ed3\u6784\u3002\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u6b64\u6f0f\u6d1e\u4f7f\u5185\u5b58\u7834\u574f\u53ca\u5e94\u7528\u5d29\u6e83\uff0c\u53ef\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002OpenSSL dtls1_clear_queues\u51fd\u6570\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e",
  "patchName": "OpenSSL dtls1_clear_queues\u51fd\u6570\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "OpenSSL  OpenSSL \u003c0.9.8zg",
      "OpenSSL  OpenSSL 1.0.0(\u003c1.0.0s)",
      "OpenSSL  OpenSSL 1.0.1(\u003c1.0.1n)",
      "OpenSSL  OpenSSL 1.0.2(\u003c1.0.2b)"
    ]
  },
  "referenceLink": "https://www.openssl.org/news/secadv_20150611.txt\r\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8176",
  "serverity": "\u9ad8",
  "submitTime": "2015-06-16",
  "title": "OpenSSL dtls1_clear_queues\u51fd\u6570\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

GSD-2014-8176

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2014-8176

Aliases

CVE-2014-8176

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-8176",
    "description": "The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.",
    "id": "GSD-2014-8176",
    "references": [
      "https://www.suse.com/security/cve/CVE-2014-8176.html",
      "https://www.debian.org/security/2015/dsa-3287",
      "https://access.redhat.com/errata/RHSA-2016:2957",
      "https://access.redhat.com/errata/RHSA-2015:1115",
      "https://ubuntu.com/security/CVE-2014-8176",
      "https://alas.aws.amazon.com/cve/html/CVE-2014-8176.html",
      "https://linux.oracle.com/cve/CVE-2014-8176.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-8176"
      ],
      "details": "The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data.",
      "id": "GSD-2014-8176",
      "modified": "2023-12-13T01:22:49.634450Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2014-8176",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2016-2957.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
          },
          {
            "name": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015",
            "refsource": "MISC",
            "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
          },
          {
            "name": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc",
            "refsource": "MISC",
            "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
          },
          {
            "name": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html",
            "refsource": "MISC",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
          },
          {
            "name": "http://rhn.redhat.com/errata/RHSA-2015-1115.html",
            "refsource": "MISC",
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
          },
          {
            "name": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl",
            "refsource": "MISC",
            "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
          },
          {
            "name": "http://www.debian.org/security/2015/dsa-3287",
            "refsource": "MISC",
            "url": "http://www.debian.org/security/2015/dsa-3287"
          },
          {
            "name": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015",
            "refsource": "MISC",
            "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
          },
          {
            "name": "http://www.securitytracker.com/id/1032564",
            "refsource": "MISC",
            "url": "http://www.securitytracker.com/id/1032564"
          },
          {
            "name": "http://www.ubuntu.com/usn/USN-2639-1",
            "refsource": "MISC",
            "url": "http://www.ubuntu.com/usn/USN-2639-1"
          },
          {
            "name": "https://bto.bluecoat.com/security-advisory/sa98",
            "refsource": "MISC",
            "url": "https://bto.bluecoat.com/security-advisory/sa98"
          },
          {
            "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
            "refsource": "MISC",
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
          },
          {
            "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351",
            "refsource": "MISC",
            "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
          },
          {
            "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122",
            "refsource": "MISC",
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
          },
          {
            "name": "https://openssl.org/news/secadv/20150611.txt",
            "refsource": "MISC",
            "url": "https://openssl.org/news/secadv/20150611.txt"
          },
          {
            "name": "https://security.gentoo.org/glsa/201506-02",
            "refsource": "MISC",
            "url": "https://security.gentoo.org/glsa/201506-02"
          },
          {
            "name": "https://www.openssl.org/news/secadv_20150611.txt",
            "refsource": "MISC",
            "url": "https://www.openssl.org/news/secadv_20150611.txt"
          },
          {
            "name": "http://www.securityfocus.com/bid/75159",
            "refsource": "MISC",
            "url": "http://www.securityfocus.com/bid/75159"
          },
          {
            "name": "https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7",
            "refsource": "MISC",
            "url": "https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7"
          },
          {
            "name": "https://rt.openssl.org/Ticket/Display.html?id=3286\u0026user=guest\u0026pass=guest",
            "refsource": "MISC",
            "url": "https://rt.openssl.org/Ticket/Display.html?id=3286\u0026user=guest\u0026pass=guest"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0i:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1c:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0h:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0j:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.9.8z",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0k:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:beta5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1f:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0l:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1d:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1e:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0b:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.0g:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:openssl:openssl:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2014-8176"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The dtls1_clear_queues function in ssl/d1_lib.c in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before 1.0.1h frees data structures without considering that application data can arrive between a ChangeCipherSpec message and a Finished message, which allows remote DTLS peers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via unexpected application data."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://github.com/openssl/openssl/commit/470990fee0182566d439ef7e82d1abf18b7085d7"
            },
            {
              "name": "https://rt.openssl.org/Ticket/Display.html?id=3286\u0026user=guest\u0026pass=guest",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit"
              ],
              "url": "https://rt.openssl.org/Ticket/Display.html?id=3286\u0026user=guest\u0026pass=guest"
            },
            {
              "name": "https://www.openssl.org/news/secadv_20150611.txt",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.openssl.org/news/secadv_20150611.txt"
            },
            {
              "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05184351"
            },
            {
              "name": "75159",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/75159"
            },
            {
              "name": "https://openssl.org/news/secadv/20150611.txt",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://openssl.org/news/secadv/20150611.txt"
            },
            {
              "name": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
            },
            {
              "name": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://www.fortiguard.com/advisory/openssl-vulnerabilities-june-2015"
            },
            {
              "name": "https://bto.bluecoat.com/security-advisory/sa98",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://bto.bluecoat.com/security-advisory/sa98"
            },
            {
              "name": "GLSA-201506-02",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201506-02"
            },
            {
              "name": "openSUSE-SU-2015:1277",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00037.html"
            },
            {
              "name": "NetBSD-SA2015-008",
              "refsource": "NETBSD",
              "tags": [],
              "url": "http://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2015-008.txt.asc"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10122"
            },
            {
              "name": "RHSA-2015:1115",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2015-1115.html"
            },
            {
              "name": "SUSE-SU-2015:1185",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00007.html"
            },
            {
              "name": "USN-2639-1",
              "refsource": "UBUNTU",
              "tags": [],
              "url": "http://www.ubuntu.com/usn/USN-2639-1"
            },
            {
              "name": "1032564",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032564"
            },
            {
              "name": "DSA-3287",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2015/dsa-3287"
            },
            {
              "name": "20150612 Multiple Vulnerabilities in OpenSSL (June 2015) Affecting Cisco Products",
              "refsource": "CISCO",
              "tags": [],
              "url": "http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150612-openssl"
            },
            {
              "name": "RHSA-2016:2957",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://rhn.redhat.com/errata/RHSA-2016-2957.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-412672.pdf"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2022-12-13T12:15Z",
      "publishedDate": "2015-06-12T19:59Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2014-8176 (GCVE-0-2014-8176)

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature